- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Thu, 5 Sep 2019 10:28:05 -0700
- To: David Bokan <bokan@chromium.org>
- Cc: uri@w3.org
- Message-Id: <7B3100C4-3CA1-4B63-88DE-F87930980FE5@gbiv.com>
> On Sep 5, 2019, at 10:09 AM, Roy T. Fielding <fielding@gbiv.com> wrote: > >> On Sep 5, 2019, at 9:37 AM, David Bokan <bokan@chromium.org <mailto:bokan@chromium.org>> wrote: >> >> Hello all, >> >> I'd like to get some broader feedback on the proposal of a "fragment directive". The basic idea is to encode a section of the URL fragment for "UA instructions". e.g. >> >> https://example.org#fragment##fragment-directive <https://example.org/#fragment##fragment-directive> > Absolutely not. Only one # is allowed in a reference because some implementations parse > left-to-right (correctly) and others parse right-to-left (incorrectly), and there is absolutely > nothing you can say or do that will ever make that interoperable in practice. > > In contrast, > > https://example.org/#text=what%20I%20am%looking%20for <https://example.org/#text=what%20I%20am%looking%20for> > > will do exactly what you want (it has been specified many times before) without changing > reference parsers or the meaning of identifiers: all you need to do is change the default action > for the browser to take in HTML when there is no matching id for the fragment in the target > context and the fragment's prefix= matches this new semantic. Oh, and I should also mention this creates a new timing attack on secured content, but I personally think such attacks should be prevented at their source (scripts permitted to make infinite requests at high speed). ....Roy
Received on Thursday, 5 September 2019 17:28:40 UTC